On 28 Jun2013, at 10:15 , Phil Pennock <[email protected]> wrote:
> On 2013-06-27 at 11:41 -0400, B.R. wrote: >> The Nginx website's page <http://nginx.org/en/linux_packages.html> on Linux >> packages provides you with the key file address: >> http://nginx.org/en/linux_packages.html > > You mean: > http://nginx.org/keys/nginx_signing.key > > (And if you import a file retrieved over plain http straight into your > trust anchors with no further verification, you have other problems). We've added short explanation with links to gpg docs about how and why pgp signatures should be checked: http://nginx.org/en/linux_packages.html#signatures _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
